Shutting down one tunnel shuts them all down

I have several remote sites connected to "home" with Cisco 891 routers at each remote site.

"Home" actually consists of two different data center sites, each with a Cisco 3845 router terminating the IPSec tunnels there. One home site provides VOIP phone service, the 2nd home site provides PC Data.

Each 891 router has two IPSec over GRE tunnels configured, one tunnel goes to the VOIP home site's 3845 router, the 2nd tunnel goes to the DATA home site's 3945 router.

All of my pre-existing 891 routers are still running IOS 12.4(22)YB5, and are working fine.

My newest 891 router, purchased recently for a new remote site, shipped with IOS ver 15.0(1)M4, and when I have both tunnels configured similarly to the others, both tunnels come up and everything seems to work fine, but if I disable the VOIP tunnel with the "shutdown" command on the tunnel interface for VOIP, then the data tunnel will not come up at all. With full verbose crypto logging turned on, I never even see an attempt to bring the data tunnel up, and when I issue a "no shut" on the VOIP tunnel, both tunnels come right up.

This behavior is not seen on the original 891 routers still running 12.4. I can shut down the VOIP tunnel and the DATA tunnel will come up and stay up just fine.

I really do not need the VOIP tunnel at this new remote site for the immediate future, but would like to keep the configs in place for the future, and also to keep all my 891s configured identically (different ip numbers of course) for consistency's sake and ease of management.

Is this a known bug in IOS 15.x that if you issue a shutdown on one tunnel interface, it kills them all?

Do I need to install 12.4 on this 891? I'd rather keep the IOS on it that it shipped with.

At a glance it looks like misbehavior on the new IOS part, although I would like to see some config. Can you try getting the IOS version to 15.0(1)M9 (I think that's the latest at the moment)?

I think it's fair to say you can open a TAC case if you want us to dig into this.



I think I've decided just to roll back the IOS to 12.4 instead. That way I'll be truly consistent with IOS and configs across all my 891 remote site routers. 12.4 has been working perfectly well at the other locations. I really don't have time to fool around with debugging IOS problems unless Cisco wants to pay me my hourly consulting rate. I just need a known solution that works right now and 12.4 is it.

